Conventional techniques of detecting security threats include using a firewall or using an intrusion detection system. Such conventional techniques operate based on predefined rules and/or known signatures of unauthorized traffic. However, using static rules or known signatures are less effective against security threats whose signatures are not yet known (e.g., zero-day attacks) and/or whose behavior changes over time. It would be desirable to detect security threats in a more dynamic and holistic manner.